youngkingdom/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow.git synced 2026-03-16 04:17:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c9b080499865fb0333456ea985dd46f315963a5
ragflow/web
History
guptas6est 8c9b080499 fix: update axios to 1.13.5+ to remediate CVE-2026-25639 DoS vulnerability (#13380) 
### What problem does this PR solve?

This PR remediates CVE-2026-25639, a HIGH severity Denial of Service
vulnerability in axios caused by __proto__ pollution in the mergeConfig
function. The vulnerability affects both the web frontend and the
sandbox nodejs environment.

Trivy security scan identified axios versions below 1.13.5 as
vulnerable. This PR updates axios to secure versions (1.13.6 in web,
1.13.5 in sandbox) to eliminate the security risk.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
2026-03-05 17:26:04 +08:00
..
.husky
feat: format code before submitting it #1251 (#1252)
2024-06-24 14:48:21 +08:00
.storybook
feat(storybook): Storybook with Calendar and Modal components #9869 (#10626)
2025-10-17 09:58:52 +08:00
public
Fix: replace session page icons and fix nested list search functionality in filters (#13127)
2026-02-12 19:48:35 +08:00
src
playwright : add data-testids for new test (#13364)
2026-03-04 19:28:36 +08:00
.env
Remove 'DID YOU KNOW', when start front-end (#10853)
2025-10-28 19:40:58 +08:00
.env.development
Fix: Some bugs (#12441)
2026-01-05 15:28:57 +08:00
.env.production
Fix: Some bugs (#12441)
2026-01-05 15:28:57 +08:00
.eslintrc.cjs
Fix: In the agent loop, if the await response is selected as the variable, the operator cannot be selected. #12656 (#12657)
2026-01-16 16:49:48 +08:00
.gitignore
Feat: Use storybook to display public components. #9914 (#9915)
2025-09-04 17:03:36 +08:00
.npmrc
Fix: Limit node version #3547 (#3563)
2024-11-21 18:14:22 +08:00
.prettierignore
feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44)
2024-01-29 15:02:27 +08:00
.prettierrc
Feat: Add background to next login page #3221 (#4474)
2025-01-14 13:43:18 +08:00
externals.d.ts
fix: cannot save the system model setting #468 (#508)
2024-04-23 17:46:56 +08:00
index.html
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
jest-setup.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
jest.config.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
package-lock.json
fix: update axios to 1.13.5+ to remediate CVE-2026-25639 DoS vulnerability (#13380)
2026-03-05 17:26:04 +08:00
package.json
Fix: remove unused files (#13232)
2026-02-27 23:05:40 +08:00
postcss.config.cjs
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
README.md
Update Admin UI user guide docs (#11183)
2025-11-11 20:29:20 +08:00
tailwind.config.js
Feat: Add model verify (#13005)
2026-02-05 15:53:20 +08:00
tailwind.css
Add task executor bar chart, add system version string (#11155)
2025-11-11 15:20:37 +08:00
tsconfig.json
Refactor: Refactoring OllamaModal using shadcn. #1036 (#12530)
2026-01-09 13:42:28 +08:00
tsconfig.node.json
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
typings.d.ts
Feat: Add FilesTable #3221 (#4491)
2025-01-15 14:39:33 +08:00
vite.config.ts
Feat: Write the row and column numbers into the element's data attribute for easy code location. (#13368)
2026-03-04 20:50:58 +08:00

README.md

Install front-end dependencies

npm install

Launch front-end

npm run dev

The following output confirms a successful launch of the system:

Login to RAGFlow web UI

Open your browser and navigate to:

http://localhost:9222 or http://[YOUR_MACHINE_IP]:9222

Replace [YOUR_MACHINE_IP] with your actual machine IP address (e.g., http://192.168.1.49:9222).

Login to RAGFlow web admin UI

Open your browser and navigate to:

http://localhost:9222/admin or http://[YOUR_MACHINE_IP]:9222/admin

Replace [YOUR_MACHINE_IP] with your actual machine IP address (e.g., http://192.168.1.49:9222/admin).

Shutdown front-end

Ctrl + C or

kill -f "umi dev"